Title: [201737] trunk/Source/JavaScriptCore
- Revision: 201737
- Author: [email protected]
- Date: 2016-06-06 20:02:06 -0700 (Mon, 06 Jun 2016)
Log Message
octal and binary parsing is wrong for some programs
https://bugs.webkit.org/show_bug.cgi?id=158437
Reviewed by Saam Barati.
When there is an error parsing a binary or octal literal, we need to clear the returnValue
of any residual value. This is because the processing of returnValue happens before the
syntax check for the extra character. Without clearing returnValue, we end up trying to
categorize the value as an INTEGER or DOUBLE token. If the value happens to be an
impure NaN, we ASSERT.
* parser/Lexer.cpp:
(JSC::Lexer<T>::parseBinary):
(JSC::Lexer<T>::parseOctal):
* tests/stress/regress-158437.js: New test.
Diff
Modified: trunk/Source/_javascript_Core/ChangeLog (201736 => 201737)
--- trunk/Source/_javascript_Core/ChangeLog 2016-06-07 02:40:10 UTC (rev 201736)
+++ trunk/Source/_javascript_Core/ChangeLog 2016-06-07 03:02:06 UTC (rev 201737)
@@ -1,3 +1,21 @@
+2016-06-06 Michael Saboff <[email protected]>
+
+ octal and binary parsing is wrong for some programs
+ https://bugs.webkit.org/show_bug.cgi?id=158437
+
+ Reviewed by Saam Barati.
+
+ When there is an error parsing an binary or octal literal, we need to clear the returnValue
+ of any residual value. This is because the processing of returnValue happens before the
+ syntax check for the extra character. Without clearing returnValue, we end trying to
+ categorize the value as an INTEGER or DOUBLE token. If the value happens to be an
+ impure NaN, we ASSERT.
+
+ * parser/Lexer.cpp:
+ (JSC::Lexer<T>::parseBinary):
+ (JSC::Lexer<T>::parseOctal):
+ * tests/stress/regress-158437.js: New test.
+
2016-06-06 Mark Lam <[email protected]>
32-bit JSC stress test failing: stress/recursive-try-catch.js.ftl-no-cjit-validate-sampling-profiler
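Review bot: The new ChangeLog entry describes the failure only as "we ASSERT", which covers debug builds; it does not say what a build without assertions does when it categorizes the residual value as an INTEGER or DOUBLE token. Please add a sentence on the release-build behaviour so readers can judge the impact of the bug, and name the caller that processes returnValue before the syntax check so the entry points at the code that depends on this.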
Modified: trunk/Source/_javascript_Core/parser/Lexer.cpp (201736 => 201737)
--- trunk/Source/_javascript_Core/parser/Lexer.cpp 2016-06-07 02:40:10 UTC (rev 201736)
+++ trunk/Source/_javascript_Core/parser/Lexer.cpp 2016-06-07 03:02:06 UTC (rev 201737)
@@ -1568,8 +1568,10 @@
shift();
}
- if (isASCIIDigit(m_current))
+ if (isASCIIDigit(m_current)) {
+ returnValue = 0;
return false;
+ }
returnValue = parseIntOverflow(m_buffer8.data(), m_buffer8.size(), 2);
return true;
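Review bot: The added `returnValue = 0;` in the `isASCIIDigit(m_current)` branch only covers this one failure path, while the log message says the underlying problem is that the caller processes returnValue before it checks for the syntax error. Any other `return false` in this function outside the visible lines would need the same treatment, so consider either having the caller test the return value before categorizing the token, or stating the contract once (returnValue is always defined on return). At minimum, a one-line comment on the assignment explaining that the caller reads returnValue even on failure would keep someone from removing it later as dead code.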
@@ -1606,8 +1608,10 @@
shift();
}
- if (isASCIIDigit(m_current))
+ if (isASCIIDigit(m_current)) {
+ returnValue = 0;
return false;
+ }
returnValue = parseIntOverflow(m_buffer8.data(), m_buffer8.size(), 8);
return true;
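Review bot: This branch in parseOctal is a line-for-line copy of the parseBinary fix, and the two visible tails differ only in the radix passed to parseIntOverflow (2 versus 8). Duplicating the failure-path cleanup means a future change to one function can silently miss the other; a shared helper that takes the radix, or a common epilogue, would keep the "clear returnValue on error" rule in one place.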
Added: trunk/Source/_javascript_Core/tests/stress/regress-158437.js (0 => 201737)
--- trunk/Source/_javascript_Core/tests/stress/regress-158437.js (rev 0)
+++ trunk/Source/_javascript_Core/tests/stress/regress-158437.js 2016-06-07 03:02:06 UTC (rev 201737)
@@ -0,0 +1,11 @@
+// This test should not crash.
+
+try {
+ let x = eval("0o19");
+} catch(e) {
+}
+
+try {
+ let x = eval("0b19");
+} catch(e) {
+}
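Review bot: Both `catch(e) {}` blocks are empty, so the test passes whether eval throws a SyntaxError, throws something else, or returns a number; it only checks for the absence of a crash. Since "0o19" and "0b19" are meant to be rejected, assert in the catch that `e instanceof SyntaxError` and throw after the eval call if it returns. The log message also says the ASSERT fires only when the residual value happens to be an impure NaN, and nothing here sets up that state, so a note on why these two inputs reproduce the crash reliably would help.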